31 December 2007

2007: The Year of Living Dangerously...

What a year 2007 has been for Operational Risk Management. Looking back over the past 365 days, brings visions of significant accomplishment and historical failures. Reflection on what has worked can sometimes bring out the emotions and the evidence of our most vivid encounters with risk. You can't see risk. You can only witness the effectiveness of your work in the aftermath of incidents as a result of your people, processes, systems or external events. That measurement or metrics is why the loss event databases are growing. So we can keep score.

Unfortunately, many are trying to keep score so that they can justify additional funding and resources for their pet projects or new initiatives. The Board of Directors and executive management needs something to judge whether the programs and the efforts for managing risk in the enterprise are working. Sometimes the quantitative must be taken in context with the qualitative measures to see the entire landscape of operational risk across your environment:

Here are just a few National Security milestones in the United States this past year:

PROTECT AMERICA ACT:In August, the President signed the Protect America Act of 2007, which closed critical intelligence gaps that threatened the safety of our Nation. The Protect America Act (PAA) modernized the Foreign Intelligence Surveillance Act of 1978 (FISA) to provide our intelligence community essential tools to acquire important intelligence information about foreign terrorists abroad who want to harm America. Unfortunately, critical provisions of the PAA expire on February 1, and Congress must act to keep our Nation safe by making these tools permanent and provide meaningful liability protection for companies who are believed to have assisted the Government after 9/11.

BORDER SECURITY: The Administration has taken steps within existing law to secure our borders more effectively. In 2007, we exceeded our goal of 145 miles of fencing at the border, and are on track to strengthen the border with 18,300 Border Patrol agents, 370 miles of fencing, 300 miles of vehicle barriers, additional cameras and radar towers, and three additional unmanned aerial vehicles by the end of 2008. The Administration has also instituted a policy of "catch and return," ensuring that all removable aliens caught trying to cross the border illegally are held until they can be returned to their home countries.

IMMIGRATION ENFORCEMENT: In 2007, ICE removed roughly 240,000 illegal aliens, made over 850 criminal arrests, and fined or seized more than $30 million following worksite investigations. The Department of Homeland Security has issued a "No-Match" regulation to help employers ensure their workers are legal and help the Government identify and crack down on employers who knowingly hire illegal workers. Unfortunately, this useful regulation is being held up by misguided litigation.

COUNTERTERRORISM: Working with our partners overseas, U.S. efforts to combat terrorism have contributed to the arrest of terrorist suspects and have disrupted plots aimed at both the United States and its allies. For example, in September, U.S. and German authorities disrupted a major terrorist plot resulting in the arrest of three suspects who were planning to attack a U.S. military base in Germany as well as Frankfurt International Airport. In June, the United States worked with authorities in Trinidad to arrest four men suspected of planning to blow up fuel tanks and a fuel pipeline at the John F. Kennedy International Airport.

NATIONAL STRATEGY FOR HOMELAND SECURITY: In October, the President issued an updated National Strategy for Homeland Security, which is serving to guide, organize, and unify our Nation's homeland security efforts. The Strategy articulates our approach to secure the Homeland over the next several years, reflects our increased understanding of the threats confronting the United States, incorporates lessons learned from exercises and real-world catastrophes, and articulates how we should ensure our long-term success by strengthening the homeland security foundation we have built.

9/11 COMMISSION ACT: On August 3, the President signed the "Implementing Recommendations of the 9/11 Commission Act of 2007." This legislation protects Americans from being unduly prosecuted for reporting activity that could lead to acts of terrorism, and takes steps to modernize the VISA Waiver Program, particularly the additional security measures. The President continues to work with Congress to advance security and foreign policy objectives by allowing greater flexibility to bring some of our closest allies into the program.

In other events across the globe we witnessed how risks continue to challenge even the most prepared nations:

Virginia Tech joined the annals of US gun atrocities when a student killed 32 people and then turned the weapon on himself in what was the country's worst shooting rampage.

Three days after Gordon Brown became prime minister, and a day after two car bombs were found in London, Scotland experienced its first terrorist attack since Lockerbie. Two alleged Islamic extremists, one a doctor, drove a Jeep into the security bollards at the entrance of a busy Glasgow Airport on the first Saturday of the local school holidays. The car carried explosive gas canisters and although it burst into flames on impact, most of the containers remained intact. A few bystanders were injured, and were treated at nearby Royal Alexandra Hospital where one of the alleged terrorists worked. The driver of the car, Kafeel Ahmed, 27, died a month later from his burns, and others suspected of being involved in the attack were apprehended on the M6. All the suspects in the case were foreign recruits to the NHS.

The credit crunch arrived. Northern Rock became the most high-profile British victim of a crisis sparked by low-income American homeowners who'd been lent money they could never afford to pay back. Northern Rock was forced to apply to the Bank of England for emergency funds, in what was to become one of the biggest financial crises in a generation. Cue panic, cue queues.

A human chain of depositors formed at branches as bank customers attempted to reclaim their money. There was some very un-British behaviour, with police called to one branch when a couple staged a sit-down in an attempt to recover their £1m deposit. They left empty-handed. The run on Northern Rock caused the Treasury to pledge that no-one would lose their shirt, a promise which has so far cost £24 billion in lending to the troubled institution. The sheen of middle class security was wiped off property prices as people began to sniff a recession. It was the first of many indicators that Britain was still a nation divided by class, education and income.

The most significant event of the year, for the future of the planet, came this month when the Arctic Ocean melted back to a record low point. The extreme melt rate was not predicted by any supercomputer or climate change scenario and scientists began to think that an educated guess for an ice-free Arctic summer might be 2030, well within most of our lifetimes.

Six foreign-born men are charged in what authorities say was a plot to attack the Fort Dix Army base in New Jersey.

Pakistani army commandos capture the Red Mosque in a 35-hour battle; the cleric who led the mosque's violent anti-vice campaign is among those killed.

A strong earthquake in northwestern Japan causes malfunctions at the world's most powerful nuclear power plant, including radioactive water spilled into the Sea of Japan.

Minneapolis bridge collapses into the Mississippi River during evening rush hour; 13 people are killed.

Mattel recalls 9 million Chinese-made toys because of lead paint or tiny magnets that could be swallowed.

CIA director says interrogations of two top terror suspects in 2002 were videotaped but the tapes were destroyed later to prevent leaks; lawmakers and courts investigate whether evidence was destroyed.

President Pervez Musharraf lifts a six-week state of emergency he says was imposed to save Pakistan from destruction from an unspecified conspiracy.

Opposition leader Benazir Bhutto is assassinated in Pakistan by an attacker who shot her after a campaign rally and then blew himself up. The attack and rioting after her death claim at least 29 more lives.

These events over the course of 2007 illustrate the breadth and depth of the operational risks we face in the next few years. Climate change, terrorism, market volatility and human behavior will continue to challenge us as professionals. So as we embark on a new journey into 2008 what resolutions will we make? What have we learned about risk? Can it be managed?

One event not mentioned above may be a clear warning for a threat still unimagined in it's capacity to cripple the entire planet.

Cyber security experts quoted in the McAfee report believe 99 per cent of attacks on government systems go unnoticed. But one attack this year that could not be overlooked was launched against the Baltic nation of Estonia, and that incident serves as a warning for other nations. The report calls the Estonia attack in April 2007 "the first real example of nation states flexing their cyber-warfare capabilities".

Estonian computers for government, banks and news organisations were hit with what is known as a distributed denial of service attack - that is, they were bombarded with so many requests they couldn't function.

First the mobile fails. Intermittent black spots are nothing new but you haven't had so much as an SMS from motormouth Michael in hours or anything from Jen who always calls with arrangements for Tuesday's movie by now.

You resign yourself to catching up on email and the frustrations mount with each minute on an unresponsive computer. Has the whole world stopped?

You resist the urge to slam the door as you head to the nearest ATM and the walk does you good ... until you key in your pin number. The machine is so sluggish it seems to take forever but eventually the screen responds. The news is worse than you thought. Your balance is: $0. It's as worrying as it is wrong. No mobile, no mail, no money.

You want to throw your hands in the air - and surrender is a more appropriate response than you suspect. You've lost a war you didn't even know was being waged.

The war of the future, according to an international look into cyber crime, could well be waged online. And the dangers are magnifying as governments and organised groups hone their abilities to spy on each other and attack critical pieces of public infrastructure with an arsenal of e-weapons.

No comments:

Post a Comment

About

Operational Risk is defined as the risk of loss resulting from inadequate or failed processes, people, and systems or from external events. The definition includes legal risk, which is the risk of loss resulting from failure to comply with laws as well as prudent ethical standards and contractual obligations. It also includes exposure to litigation from all aspects of an institutions activities.

"The Only Thing Necessary For Evil To Triumph Is For Good Men To Do Nothing." --E. Burke